From: Yehuda Sadeh
Date: Thu, 19 May 2016 00:21:28 +0000 (-0700)
Subject: rgw: check for aws4 headers size where needed
X-Git-Tag: v11.0.0~355^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=493cc5d1241693f3ea52f4d7f3a194d9e0ec1905;p=ceph.git
rgw: check for aws4 headers size where needed
Fixes: #15940
Signed-off-by: Yehuda Sadeh
---
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 2358955559ea..1da507bee285 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3282,8 +3282,15 @@ int RGW_Auth_S3::authorize_v4(RGWRados *store, struct req_state *s)
 using_qs = false;
 s->aws4_auth->credential = s->http_auth;
+#define AWS4_HMAC_SHA256_STR "AWS4-HMAC-SHA256"
+#define CREDENTIALS_PREFIX_LEN (sizeof(AWS4_HMAC_SHA256_STR) - 1)
+ ssize_t min_len = CREDENTIALS_PREFIX_LEN + 1;
+ if (s->aws4_auth->credential.length() < min_len) {
+ ldout(store->ctx(), 10) << "credentials string is too short" << dendl;
+ return -EINVAL;
+ }
- s->aws4_auth->credential = s->aws4_auth->credential.substr(17, s->aws4_auth->credential.length());
+ s->aws4_auth->credential = s->aws4_auth->credential.substr(min_len, s->aws4_auth->credential.length());
 pos = s->aws4_auth->credential.find("Credential");
 if (pos == std::string::npos) {
@@ -3302,7 +3309,7 @@ int RGW_Auth_S3::authorize_v4(RGWRados *store, struct req_state *s)
 s->aws4_auth->signedheaders = s->http_auth;
- s->aws4_auth->signedheaders = s->aws4_auth->signedheaders.substr(17, s->aws4_auth->signedheaders.length());
+ s->aws4_auth->signedheaders = s->aws4_auth->signedheaders.substr(min_len, s->aws4_auth->signedheaders.length());
 pos = s->aws4_auth->signedheaders.find("SignedHeaders");
 if (pos == std::string::npos) {
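Review bot: In the first hunk `min_len` is declared `ssize_t` but compared with `credential.length()`, which is a `size_t`, so the new guard is a signed/unsigned comparison (the same applies to `signature.size() < min_len` in the third hunk); `const size_t min_len = CREDENTIALS_PREFIX_LEN + 1;` keeps the types aligned. The two `#define`s are placed inside the function body and remain defined for the rest of the translation unit, so a local constant would scope them better. The guard checks length only, so a header of 17 or more bytes with a different leading token still reaches the `substr`; presumably the caller has already matched the `AWS4-HMAC-SHA256` prefix, but that is outside the hunk and worth confirming. A short comment such as `// +1: separator after the algorithm name` would explain the constant. The body of authorize_v4 starts and ends outside the hunk.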
@@ -3332,7 +3339,12 @@ int RGW_Auth_S3::authorize_v4(RGWRados *store, struct req_state *s)
 s->aws4_auth->signature = s->http_auth;
- s->aws4_auth->signature = s->aws4_auth->signature.substr(17, s->aws4_auth->signature.length());
+ if (s->aws4_auth->signature.size() < min_len) {
+ ldout(store->ctx(), 10) << "signature string is too short" << dendl;
+ return -EINVAL;
+ }
+
+ s->aws4_auth->signature = s->aws4_auth->signature.substr(min_len, s->aws4_auth->signature.length());
 pos = s->aws4_auth->signature.find("Signature");
 if (pos == std::string::npos) {
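Review bot: The length guard added here before the `signature` substr has no counterpart before the `signedheaders` substr in the second hunk, which now also calls `substr(min_len, ...)` unguarded. All three fields are copies of `s->http_auth`, so if the three sites sit on the same path the first hunk's check already covers them and this one is redundant; if any site can be reached without it, `signedheaders` would still throw `std::out_of_range` on a short header. Checking `s->http_auth.size() < min_len` once, before the three copies are taken, would make the guarantee explicit and remove the duplication. The enclosing function continues outside the hunk, so the control flow between the three sites is not visible here.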